Claims 

We claim: 

1. A method for protecting a distributed application user, comprising:

providing a distributed application on a server; 
determining a security value for an authenticated user of the distributed 
application; 

associating the security value with a set of commands of the distributed 
application; 

receiving one of the set of commands on the server from the authenticated user; and

checking the one command for the security value. 

2. The method of claim 1, further comprising returning an error message to the user if the
security value is not found with the one command. 

3. The method of claim 1, further comprising authenticating the user of the distributed 
application, prior to the determining step.

4. The method of claim 1, wherein the security value is a pseudo-random number. 

5. The method of claim 1, further comprising storing the security value on the server. 

6. The method of claim 1, further comprising:

associating the security value with session information corresponding to the 
authenticated user; and 

communicating the session information and the security value to the authenticated user.

7. The method of claim 1, wherein the authenticated user operates a client that
communicates with the server. 

8. The method of claim 7, wherein the associating step comprises appending the security 
value to a set of uniform resource locators (URLs) that correspond to a set of commands
of the distributed application, and wherein the receiving step comprises receiving one of 
the set of URLs on the server from the authenticated user. 

9. The method of claim 8, wherein the one URL is pre-constructed on the server. 

10. The method of claim 8, wherein the one URL is constructed on the client, and 
wherein the method further comprises: 

extracting the security value on the client; and 
appending the security value to the one URL on the client.

11. A method for protecting a distributed application user, comprising:

providing a distributed application on a server; 
authenticating a user of the distributed application; 
determining, on the server, a security value for the authenticated user;
associating the security value with a set of uniform resource locators (URLs)
corresponding to a set of commands of the distributed application;

communicating the security value to a client operated by the authenticated user; 
receiving one of the set of URLs on the server from the client; and
checking the one URL for the security value. 

12. The method of claim 11, further comprising returning an error message to the client if 
the security value is not found with the one URL. 

13. The method of claim 11, further comprising:

determining session information for the authenticated user; and 
associating the security value with the session information, wherein the
communicating step comprises sending the session information and the security value to a
client operated by the user.

14. The method of claim 11, wherein the associating step comprises appending the 
security value to a set of URLs corresponding to a set of commands of the distributed
application. 

15. The method of claim 11, wherein the one URL is pre-constructed on the server, and
wherein client receives the one URL and the associated security value from the server.

16. The method of claim 11, wherein the one URL is constructed on the client, and
wherein the associating step comprises:

extracting the security value on the client; and 
appending the security value to the one URL. 

17. The method of claim 11, further comprising storing the security value on the server, 
prior to communicating the security value to the client. 

18. A system for protecting a distributed application user, comprising:

a security value system for determining a security value for an authenticated user 
of a distributed application provided on a server; 

an association system for associating the security value with a set of commands of 
the distributed application; and 

a command checking system for checking one of the set of commands received on
the server from the authenticated user for the security value. 

19. The system of claim 18, further comprising a messaging system for returning an error
message to the authenticated user if the security value is not found with the one 
command. 

20. The system of claim 18, further comprising an authentication system for 
authenticating a user of the distributed application. 

21. The system of claim 18, wherein the security value is a pseudo-random number. 

22. The system of claim 18, wherein the security value is stored on the server. 

23. The system of claim 18, wherein the security value is associated with session 
information corresponding to the authenticated user, and wherein the session information 
and the associated security value are communicated to the authenticated user.

24. The system of claim 18, wherein the command checking system comprises a filter
servlet. 

25. The system of claim 18, wherein the authenticated user operates a client that 
communicates with the server. 

26. The system of claim 25, wherein the association system appends the security value to 
a set of uniform resource locators (URLs) that correspond to a set of commands of the 
distributed application, and wherein the command checking system checks one of the set 
of URLs received on the server from the authenticated user for the security value. 

27. The system of claim 26, wherein the one URL is pre-constructed on the server. 

28. The system of claim 26, wherein the one URL is constructed on the client, and 
wherein the client comprises a command system for extracting the security value on the 
client, and for appending the security value to the one URL. 



LOT920030007US1 

29. A program product stored on a recordable medium for protecting a distributed 
application user, which when executed, comprises: 

program code for determining a security value for an authenticated user of a 
distributed application provided on a server; 

program code for associating the security value with a set of commands of the 
distributed application; and 

program code for checking one of the set of commands received on the server 
from the authenticated user for the security value. 

30. The program product of claim 29, further comprising program code for returning an
error message to the authenticated user if the security value is not found with the one
command.

31. The program product of claim 29, further comprising program code for authenticating 
a user of the distributed application. 

32. The program product of claim 29, wherein the security value is a pseudo-random 
number. 

33. The program product of claim 29, wherein the security value is stored on the server. 

34. The program product of claim 29, wherein the security value is associated with
session information corresponding to the authenticated user, and wherein the session 
information and the associated security value are communicated to the authenticated user. 

35. The program product of claim 29, wherein the program code for checking comprises a 
filter servlet. 

36. The program product of claim 29, wherein the authenticated user operates a client that
communicates with the server.

37. The program product of claim 36, wherein the program code for associating appends 
the security value to a set of uniform resource locators (URLs) that correspond to a set of 
commands of the distributed application, and wherein the program code for checking 
checks one of the set of URLs received on the server from the authenticated user for the
security value. 

38. The program product of claim 37, wherein the one URL is pre-constructed on the 
server. 

39. The program product of claim 37, wherein the one URL is constructed on the client, 
and wherein the client comprises a program code for extracting the security value on the
client, and for appending the security value to the one URL. 
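
The flow recited in claims 1, 2, 5, 8 and 24 (determine a per-user security value, store it on the server, append it to command URLs, check each received URL, return an error when it is absent) can be sketched as follows. This is an added illustration, not code from the application; the parameter name `sv`, the in-memory `SESSIONS` store, the function names and the `app.example` URLs are assumptions, and the value is drawn from a CSPRNG rather than the pseudo-random number of claim 4.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

PARAM = "sv"     # hypothetical query-parameter name for the security value
SESSIONS = {}    # hypothetical server-side store: session id -> security value


def login(session_id):
    """Determine a security value for an authenticated user and store it."""
    value = secrets.token_urlsafe(32)  # CSPRNG output (assumption, see lead-in)
    SESSIONS[session_id] = value
    return value


def append_value(url, value):
    """Associate the value with a command URL by appending it to the query."""
    parts = urlsplit(url)
    extra = urlencode({PARAM: value})
    query = parts.query + "&" + extra if parts.query else extra
    return urlunsplit(parts._replace(query=query))


def check_command(session_id, url):
    """Filter-style check performed before the command is executed."""
    expected = SESSIONS.get(session_id)
    supplied = parse_qs(urlsplit(url).query).get(PARAM, [])
    # Require exactly one value so a duplicated parameter cannot be ambiguous.
    if expected is None or len(supplied) != 1:
        return 403, "security value missing"
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(supplied[0].encode(), expected.encode()):
        return 403, "security value mismatch"
    return 200, "command accepted"


def demo():
    """Constructed sample: one genuine URL and two forged ones."""
    value = login("session-A")
    bare = "https://app.example/mail/delete?id=7"
    good = append_value(bare, value)
    guessed = append_value(bare, "guessed-value")
    return [check_command("session-A", u)[0] for u in (good, bare, guessed)]


if __name__ == "__main__":
    print(demo())
```

Because the value travels in the URL, it can surface in server logs, browser history and Referer headers, so deployments of this pattern typically scope it to one session and rotate it at login.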